5.8
- Securing Standard Switch Ports on page 36
  As with physical network adapters, a virtual network adapter can send frames that appear to be from
  a different machine or impersonate another machine so that it can receive network frames intended for
  that machine. Also, like physical network adapters, a virtual network adapter can be configured so
  that it receives frames targeted for other machines.
- Securing iSCSI Storage on page 37
  The storage configured for a host might include one or more storage area networks (SANs) that use
  iSCSI. When iSCSI is configured on a host, several measures can be taken to minimize security risks.
- Securing ESXi and the ESX Management Interfaces on page 38
  Security of the ESXi management interface is critical to protect against unauthorized intrusion and
  misuse. If a host is compromised in certain ways, the virtual machines it interacts with might also be
  compromised. To minimize the risk of an attack through the management interface, ESXi is protected
  with a firewall.
- Securing vCenter Server Systems on page 39
  Securing vCenter Server includes ensuring security of the host where vCenter Server is running,
  following best practices for assigning privileges and roles, and verifying the integrity of the clients that
  connect to vCenter Server.
- Encryption and Security Certificates on page 39
  ESXi and vCenter Server support standard X.509 version 3 (X.509v3) certificates to encrypt session
  information sent over Secure Sockets Layer (SSL) protocol connections between components. If SSL is
  enabled, data is private, protected, and cannot be modified in transit without detection.
- vCenter Single Sign-On on page 39
  vCenter Single Sign-On is a component of the management infrastructure that provides the capability
  to manage the environment with Active Directory credentials.
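
The three behaviours described under Securing Standard Switch Ports correspond to the standard switch security policy settings for promiscuous mode, MAC address changes and forged transmits. The following is an added example, not part of the VMware document: it audits text assumed to be in the "Key: value" form printed by `esxcli network vswitch standard policy security get -v <vswitch>` and reports every setting left enabled. The switch names and sample outputs are constructed.

```python
# Added example: audit ESXi standard-switch security policy output.
# Assumption: input is the "Key: value" text printed by
#   esxcli network vswitch standard policy security get -v <vswitch>
# Switch names and sample outputs below are constructed for illustration.

# Each policy key mapped to the behaviour it permits when set to true.
RISKS = {
    "Allow Promiscuous": "adapter can receive frames targeted for other machines",
    "Allow MAC Address Change": "adapter can impersonate another machine to receive its frames",
    "Allow Forged Transmits": "adapter can send frames that appear to be from a different machine",
}

SAMPLE = {
    "vSwitch0": "   Allow Promiscuous: false\n   Allow MAC Address Change: false\n"
                "   Allow Forged Transmits: false\n",
    "vSwitch1": "   Allow Promiscuous: true\n   Allow MAC Address Change: false\n"
                "   Allow Forged Transmits: true\n",
    # Truncated output: one setting is absent and must not be assumed safe.
    "vSwitch2": "   Allow Promiscuous: false\n   Allow Forged Transmits: false\n",
}


def parse_policy(text):
    """Turn 'Key: value' lines into a dict of booleans, skipping other lines."""
    policy = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            policy[key.strip()] = value.strip().lower() == "true"
    return policy


def audit(outputs):
    """Return (switch, setting, reason) for each enabled or missing setting."""
    findings = []
    for switch, text in sorted(outputs.items()):
        policy = parse_policy(text)
        for key, risk in RISKS.items():
            if key not in policy:
                findings.append((switch, key, "setting missing from output, verify manually"))
            elif policy[key]:
                findings.append((switch, key, risk))
    return findings


if __name__ == "__main__":
    for switch, key, reason in audit(SAMPLE):
        print(f"{switch}: {key} -> {reason}")
```
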
Security and Virtual Machines
Virtual machines are the containers in which applications and guest operating systems run. By design, all
VMware virtual machines are isolated from one another. This isolation enables multiple virtual machines to
run securely while sharing hardware and ensures both their ability to access hardware and their
uninterrupted performance.
Even a user with system administrator privileges on a virtual machine's guest operating system cannot
breach this layer of isolation to access another virtual machine without privileges explicitly granted by the
ESXi system administrator. As a result of virtual machine isolation, if a guest operating system running in a
virtual machine fails, other virtual machines on the same host continue to run. The guest operating system
failure has no effect on:
- The ability of users to access the other virtual machines.
- The ability of the operational virtual machines to access the resources they need.
- The performance of the other virtual machines.
Each virtual machine is isolated from other virtual machines running on the same hardware. Although
virtual machines share physical resources such as CPU, memory, and I/O devices, a guest operating system
on an individual virtual machine cannot detect any device other than the virtual devices made available to
it.
vCloud Suite Architecture Overview and Use Cases
VMware, Inc.